Many modern processors have different privilege levels that determine what can and cannot be executed by a particular entity. One common view of this divides privilege levels into different rings. As illustrated in FIG. 1, ring 0 is the highest privilege level, and therefore, programs that run in Ring 0 (privilege level 0 or the kernel mode) can do anything with the system, while code that runs in Ring 3 (user mode) has lesser privileges and therefore, is limited in its ability. This separation of privileges protects one ring 3 application from another ring 3 application, and protects ring 0 kernel from ring 3 applications. A ring 3 application should be able to fail at any time without impact to the rest of the computer system because critical tasks that keep computer running are available to ring 0 kernel and not ring 3 applications. Ring 1 and Ring 2 are more restrictive than Ring 0, but less than Ring 3.
These levels provide hardware protection against accidental or deliberate corruption of the system environment (and corresponding breaches of system security) by software. Only “trusted” portions of system software are allowed to execute in the unrestricted environment of kernel mode, and only then when absolutely necessary. All other software executes in one or more user modes.